Botnets of webcams, building better mobile app wrappers, trying to stamp out a major Microsoft Office Word/Excel bug that just doesn’t want to go away, and more on ATM skimmers along with some summer fun too.
We'd love to hear from you – have you experienced any other MS Office exploits lately?
Have you checked your webcams and other embedded devices lately to make sure they haven’t been compromised?
Here is a bug that has been around for four years and is responsible for nearly half of Microsoft Office exploits. It works by compromising Word and Excel documents to allow arbitrary code execution. A security researcher examines it in detail, including how it actually works and how it evades detection. – NAKED SECURITY
Here is an interesting interview with a former NSA employee who shared some of his hacking interests and motivations. It is a reminder that there is no safe Internet haven, and that everything can be turned into an attack surface eventually. – THE INTERCEPT
What new things did you learn from this interview?
This is a good summary of how you can incorporate app container and wrapping security into your overall mobile app development toolbox. By creating these “safe havens” for data you can isolate potential infections or misuse while also keeping the overall user experience high. App wrapping can add encryption and step up to VPNs when needed. -- SEARCHSECURITY
Any particular app wrapping tools you would recommend?
What strategies are you using to better identify and contain intrusions?
While somewhat self-serving, this blog post offers up a nice collection of suggestions on how to make your network more difficult to penetrate, such as using file integrity monitoring solutions, database profiling and a database firewall, and enforcing host-based access controls. – IMPERVA BLOG
My review of 10 endpoint detection and remediation products shows a growing sophistication and subtlety in how we try to stay ahead of the malware creators. In this hands-on test, I look at coverage beyond ordinary Windows endpoints, the various agent/agentless approaches, what kinds of virus feeds and integrations with event logs are available, and whether the products can be used in real time or not. -- NETWORK WORLD
The DoD bug bounty program has inspired another federal agency to put together its own program, which could be up and running later this year. The Department of Health and Human Services is looking at ways to improve security for both medical devices and electronic medical records. The challenge will be in how the vulnerabilities are shared and fixed once identified. – FEDERAL TIMES
What advice would you give to the government to run effective bounty programs?
Just for fun
We celebrate our nation’s independence (the above is just some of the aftermath on a local Maryland beach) and we also must mark the day as the time to turn off THOMAS. As in the 20+-year-old Library of Congress database. Back in the mid-1990s you would be able to search for full-text legislation when the web was young and many people still used Gopher and Archie protocols. Many of us recall with fondness and frustration the old system, and you can get a look back to those times here. – LIBRARY OF CONGRESS BLOG
Thanks to Brian Krebs we are all a little bit more aware of ATM skimmers that can read our bank cards when we think we are just using an ordinary ATM machine. This video shows you how to approach any ATM machine these days and make sure that someone hasn’t added a skimmer to the machine, and exactly what one of these beastly things looks like, down to the transparent cover and well-placed electronics. -- HACKER NEWS
Not surprisingly, a study of TV-related Tweets by social analytics company Canvs found that feelings of hate lead to up to three times bigger increases in viewership the following week for drama and reality shows. Maybe Taylor Swift was right. – ADWEEK
Inside Security is just one of Inside's network of newsletters.